Flatpak package [Planned]

WhyNotHugo

Hi! Flatpak is a package management system for Linux, that's supported across a variety of distributions.

It provides some pretty good isolation for desktop apps, which I personally appreciate due to the added security (it's not absolute isolation, but at least processes can't read freely read one's home filesystem without approval and other enhancements).

I've been thinking about creating a package with 1Password, would you guys be okay with that being submitted to Flathub?

Basically the descriptor for the package has this format, and merely fetches the source from your site:

app-id: org.onepassword.onepassword
runtime: org.freedesktop.Platform
runtime-version: '20.08'
sdk: org.freedesktop.Sdk
command: /app/squashfs-root/1password
modules:
  - name: 1password
    buildsystem: simple
    build-commands:
      - chmod +x 1password-0.9.5-2.AppImage
      - ./1password-0.9.5-2.AppImage --appimage-extract
      - cp -r squashfs-root/ /app
      # - install -D 1password-0.9.5-2.AppImage /app/bin/1password
    sources:
      - type: file
        url: https://downloads.1password.com/linux/appimage/1password-0.9.5-2.AppImage
        sha512: 6bfc61c9da5cca90279664ab7aab0cb30569720fb9bd168accc65068b570e11ba5c59942d19d88baa7c42dd4d647686b9480bd1d957df956dff2562b9846a5b0
finish-args:
  - --socket=x11
  - --share=network

Note: this is just and example and doesn't yet work.
It's just to kind reflect how the package is generated. Also, this still fails due to some SUID error with a bundled helper.

---

1Password Version: 0.9.5-2.AppImage
Extension Version: n/a
OS Version: ArchLinux
Sync Type: n/a
Referrer: forum-search:flatpak

MikeT

Hi @WhyNotHugo,

Thanks for taking the time to write in and for helping us with Flatpak, it is appreciated!

We do have plans to support Flatpak and Flathub, we've mentioned this a while ago in a thread here.

We just need time to set it all up to automate this in-house. We've just finished adding AUR support recently after adding Snap and we're working to add more including Flatpak.

According to Flathub here, they'd prefer that we do this as transferring ownership can be a bit problematic. So, let me nudge our team and see if we can do something sooner rather than later.

ref: dev/core/core#2453

WhyNotHugo

Thanks for your reply!

Seems like I missed the above link, thanks for pointing it out.

I take if you'd rather submit this yourselves rather than go through the transfer process then. If I manage to get a working flatpak descriptor then, I'll just go ahead and post it here so you guy can handle is as you prefer.

Thanks, cheers!

Blake

Thanks a ton for that @WhyNotHugo -- you can certainly post the flatpak descriptor here and we can grab the reigns and take it from there. 😊

WhyNotHugo

Kinda forgot about this. I've a working package -- mostly the metadata is missing, which I'm sure you'd prefer to fill in yourselves anyway:

com.1password.1Password.yml:

app-id: org.onepassword.onepassword
base: org.electronjs.Electron2.BaseApp
base-version: '20.08'
runtime: org.freedesktop.Platform
runtime-version: '20.08'
sdk: org.freedesktop.Sdk
command: 1password
rename-desktop-file: 1password.desktop
rename-icon: 1password
finish-args:
  # 1Password is X11-only, so we can skip the Wayland socket for now. 🤞
  - --socket=x11
  - --share=network
  # I think it shows notifications sometimes? If not, remove this:
  - --talk-name=org.freedesktop.Notifications
  # Required to avoid asking for a 2FA token on every run:
  - --talk-name=org.freedesktop.secrets
  - --filesystem=xdg-run/1Password-BrowserSupport.sock
  # TODO: There's a dbus-socket for desktops with a tray icon thingy.
  #       That should be exposed too.
modules:
  - name: 1password
    buildsystem: simple
    build-commands:
      - ar x 1password-*.deb
      - rm -f 1password-*.deb
      - tar xf data.tar.xz
      - rm -f control.tar.gz data.tar.xz debian-binary
      - cp -r usr/* opt/* /app
      - cp -r usr/* opt/* /
      - chmod -R a-s,go+rX,go-w /app/1Password
      # Original path here points to /opt/1Password:
      - sed -i 's|Exec=.*|Exec=1password %U|' /app/share/applications/1password.desktop
      - install -Dm755 1password.sh /app/bin/1password
      - install -Dm644 org.onepassword.onepassword.appdata.xml /app/share/appdata/org.onepassword.onepassword.appdata.xml
    sources:
      - type: file
        only-arches:
          - x86_64
        url: https://downloads.1password.com/linux/debian/pool/main/1/1password/1password-0.9.12-2.deb
        sha256: e27b0055eb9a55af081160fb7a270db1ba806483328a8161d68a0dc2d913ff84
      - type: script
        dest-filename: 1password.sh
        commands:
          # Share a TMPDIR, so that multiple instance can figure out there's
          # already one running.
          - export TMPDIR="$XDG_RUNTIME_DIR/app/$FLATPAK_ID"
          # This script is required to work around a lack of SUID sandbox helper:
          - exec zypak-wrapper /app/1Password/1password "[email protected]"
      - type: file
        path: org.onepassword.onepassword.appdata.xml

org.onepassword.onepassword.appdata.xml:

<?xml version="1.0" encoding="UTF-8"?>
<component type="desktop">
  <id>org.onepassword.onepassword</id>
  <name>1Password for Linux</name>
  <project_license>XXX</project_license>
  <developer_name>XXXX</developer_name>
  <summary>XXXXX</summary>
  <metadata_license>CC0-1.0</metadata_license>
  <url type="homepage">https://1password.com/</url>
  <url type="bugtracker">https://github.com/flathub/org.onepassword.onepassword/issues</url>
  <description>
    <p>
      XXXXX
    </p>
  </description>
  <screenshots>
    <image type="source">https://us.v-cdn.net/5020219/uploads/editor/1g/883ixuqsk6tc.png</image>
    <image type="source">https://us.v-cdn.net/5020219/uploads/editor/ae/cmnoxgrdxdp8.png</image>
    <image type="source">https://us.v-cdn.net/5020219/uploads/editor/zc/196a8xd2cohr.png</image>
  </screenshots>
  <releases>
    <release version="0.9.12" date="2021-02-09"/>
  </releases>
  <content_rating type="oars-1.1">
    <content_attribute id="violence-cartoon">none</content_attribute>
    <content_attribute id="violence-fantasy">none</content_attribute>
    <content_attribute id="violence-realistic">none</content_attribute>
    <content_attribute id="violence-bloodshed">none</content_attribute>
    <content_attribute id="violence-sexual">none</content_attribute>
    <content_attribute id="violence-desecration">none</content_attribute>
    <content_attribute id="violence-slavery">none</content_attribute>
    <content_attribute id="violence-worship">none</content_attribute>
    <content_attribute id="drugs-alcohol">none</content_attribute>
    <content_attribute id="drugs-narcotics">none</content_attribute>
    <content_attribute id="drugs-tobacco">none</content_attribute>
    <content_attribute id="sex-nudity">none</content_attribute>
    <content_attribute id="sex-themes">none</content_attribute>
    <content_attribute id="sex-homosexuality">none</content_attribute>
    <content_attribute id="sex-prostitution">none</content_attribute>
    <content_attribute id="sex-adultery">none</content_attribute>
    <content_attribute id="sex-appearance">none</content_attribute>
    <content_attribute id="language-profanity">none</content_attribute>
    <content_attribute id="language-humor">none</content_attribute>
    <content_attribute id="language-discrimination">none</content_attribute>
    <content_attribute id="social-chat">intense</content_attribute>
    <content_attribute id="social-info">none</content_attribute>
    <content_attribute id="social-audio">intense</content_attribute>
    <content_attribute id="social-location">none</content_attribute>
    <content_attribute id="social-contacts">intense</content_attribute>
    <content_attribute id="money-purchasing">none</content_attribute>
    <content_attribute id="money-gambling">none</content_attribute>
  </content_rating>
  <update_contact>[email protected]</update_contact>
</component>

Caveats:

• App descriptor parts can't start with numbers, hence the name onepassword.
• I don't use any "application tray" service, so I haven't tested that. I know another D-Bus socket needs to be exposed, but I'm not keen to include extra tweaks I can't test on my setup.

You can build+install this by running:

flatpak-builder --user --install build-dir com.1password.1Password.yml --force-clean

And run with:

flatpak run org.onepassword.onepassword

WhyNotHugo

In case you want to submit this to Flathub, here's the relevant docs: https://github.com/flathub/flathub/wiki/App-Submission

Dayton_ag

Thanks so much, @whynothugo! I'll bring this to the attention of the Development team.

vincent_chernin

Recently electron-builder got experimental support for flatpak. Flathub integration is not built in yet but perhaps soon. Using electron-builder instead of repackaging the .deb may now be a viable option for building the 1password flatpak.

https://github.com/electron-userland/electron-builder/pull/5711

Dayton_ag

Oooh, very cool - thanks so much @vincent_chernin! I'll pass this along to the Dev team to take a gander at.